I realize that there are too many variables to answer this question with great precision so consider this a reality check. Our server has been under very heavy attack over the last few weeks. I have been adding individual hosts who try to exploit either httpd or smtp. I now have an input rule set of several hundred lines. Does that seem terribly over-sized or is that fairly common?
